During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of Xpdf. An
attacker could construct a carefully crafted PDF file that could cause
Xpdf to crash or possibly execute arbitrary code when opened. This
issue was assigned the name CVE-2004-0888 by The Common
Vulnerabilities and Exposures project (cve.mitre.org). RHSA-2004:592
contained a fix for this issue, but it was found to be incomplete and
left 64-bit architectures vulnerable. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206
to this issue.

All users of xpdf should upgrade to this updated package, which
contains backported patches to resolve these issues.

Training & Certification

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.